Privacy, RGPD, you and HigherEdMe

 

HigherEdMe is managing data of students and of universities to facilitate the matchmaking process making study abroad projects come true. To be RGPD compliant, HigherEdMe follows the recommendation of the CNIL, the official national data guard.

Student data

  • We contact students by means of campaigns on social networks.
  • 100% of students have opted-in
  • We have made clear that all declared data will be visible to recruiters
  • Every student can opt-out and cancel their account.
  • We anonymize cancelled accounts.
  • After 3 years, all expired accounts are anonymized.

University data

  • We contact recruiters by means of campaigns on social networks, direct contact on app fairs where they opt-in and meetings.
  • 100% of recruiters have opted-in and accepted our terms of use (free plan) and terms of sales (basic and pro accounts).
  • Contact details of the recruiter are sent to a student when this student accepts a contact request from that recruiter.
  • All recruiters can opt-out and cancel their account, which deletes all university references on HigherEdMe websites.
  • We do not keep university platform data when an account is cancelled, and transfer all activity to the recruiter.

Newsletter for Universities

  • We send one monthly newsletter to our university users and prospects.
  • We use mailjet, which is RGPD compliant.
  • We embed an unsubscribe link systematically.
  • We send 3 times to non-opened status max.
  • We never transfer university details to partners in case of advertising.

More details on our RGPD compliance project

Below you will find more details on how we have implemented our RGPD compliance.

RGPD Pilot

Arnaud, the CEO of HigherEdMe, is the RGDP pilot and DPO of HigherEdMe (DPO-10383). You can send an email to privacy (at) higheredme.com for more details.

Mapping data and Registry

The team has mapped all the data processes and built a registry to define how each process is treated : who, what, why, where, till when, how.

Action planning and risk management

Our team has defined an action plan to follow RGPD rules and regulations and processed a risk management analysis.

Storage

Our private datasets are stored in Europe, in Ireland, under European laws and regulation. We don’t keep critical data inside our office.